An Adaptive Encryption-as-a-Service Architecture Based on Fog Computing for Real-Time Substation Communications

The recent outbreak of industrial cyberattacks indicates that the current industrial network security architecture is under serious challenges. As one of the critical industrial networks, the heterogeneous and real-time substation network lacks compatibility with the conventional cryptography architecture represented by secure sockets layer/transport layer security (SSL/TLS) and public key infrastructure (PKI). To enhance the security of smart substations under the premise of low latency, in this article, we present a novel encryption-as-a-service architecture based on fog computing in this article. The architecture offloads encryption to dedicated devices and makes certificate and key management available through unified web services on the fog and cloud layers. Based on this architecture, we propose MX-SORTS, maximizing security on real-time communication of different services, an algorithm for adaptive configuration of encrypting and signing substation network traffic. By the contrast experiments with the conventional cryptography architecture, we prove that the encryption-as-a-service architecture can significantly improve the real-time and security performance of substation networks.